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DETAILED ACTION 

1. This action is in reply to a claim Election filed on 04 December 2006. Claims 1- 
22 are pending. 

Election/Restrictions 

2. Applicant's election with traverse of claims 1-22 in the reply filed on 04 December 
2006 is acknowledged. The traversal is on the ground(s) that the two groups contain a 
number of similar claims. The Applicant argues that claim 8 is common to both groups, 
and the Examiner agrees, however the claim serves only to discuss the two process to 
be usable together, and as pointed out in the previous action the two groups have 
materially different functions and separate utility. The search for either group is not co- 
extensive and would require an undue burden on the Examiner, as pointed out in the 
previous action. 

The requirement is still deemed proper and is therefore made FINAL. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 
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3. Claims 1,2,5,8-10,14,16,17 and 20 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Suuronen (US PgPub 2003/0145228). 

4. As per claim 1 , Suuronen discloses a device, comprising: 

At least one interface configured to receive data transmitted via a network (see 

fig- D; 

A firewall configured to: 

Receive data from the at least one interface, determine whether the data 
potentially contains malware content, and identify first data in the received data that 
potentially contains malicious content [0019] and [0020]; 
Intrusion detection logic configured to: 

Receive the first data, and generate report information based on the first 

data; and 

Forwarding logic configured to: 

Receive the report information, and determine whether to forward the first 
data for processing by a user application based on the report information ([0020] and 
[0021] wherein the report information are the virus updates sent to the firewall from the 
intrusion detection logic). 

5. As per claim 2, Suuronen discloses the device of claim 1 , wherein the forwarding 
logic is further configured to: 

Forward the first data to a user device executing the user application when the 
determining indicates that the first data does not contain malicious content, and discard 
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the first data when the determining indicates that the first data contains malicious 
content [0021]. 

6. As per claim 5, Suuronen discloses the device of claim 1 , wherein the firewall 
comprises anti-virus logic configured to examine a data stream for viral signatures using 
at least one of a signature-based technique, a heuristic technique and a rough set logic 
technique ([0021] wherein the scanning engine comprising a database typically 
classifies as a signature based technique. Moreover the Examiner mentions that all are 
well-known virus detection techniques and would be necessarily obvious in view of prior 
art). 

7. As per claim 8, Suuronen disclose the device of claim 1 , wherein at least one of 
the firewall, the intrusion detection logic and the forwarding logic is configured to receive 
rule-based processing information from an external device via the network ([0021] lines 
14-21). 

8. As per claim 9, Suuronen discloses the device of claim 8, wherein at least one of 
the firewall, intrusion detection logic and forward logic is further configured to receive 
updated rule-based processing information from the external device ([0021] lines 14- 
21). 

9. Claim 10 is rejected because it discloses similar subject matter to claim 2. 

10. Claim 14 is rejected because it discloses similar subject matter to claim 5. 

1 1 . Claim 16 is rejected because it discloses similar subject matter to claim 2, 
wherein the Examiner points out that the first set of rules would be those used by the 
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firewall to determine packets that necessarily do not contain malware and the second 
set of rules is applied by the virus scanning engine. 

12. Claim 17 is rejected because it discloses similar subject matter to claim 2. 

13. Claim 20 is rejected because it discloses similar subject matter to claim 5. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

14. Claims 3-4,6-7,11-13,15,18-19, and 21-22 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Suuronen. 

15. As per claim 3, Suuronen discloses the device of claim 1 , but does not disclose 
wherein the forwarding logic is further configured to: 

Defer a forwarding decision to a central management system based on 
parameters associated with the report information, and 

Forward the report information to the central management system. 

The Examiner takes official notice that it is well known and very common in 
intrusion detection systems to defer a forwarding decision to a third party or central 
management system. Motivation commonly used in the art for doing this is such that 
not all decisions are very clear; depending on the situation, logic may not be able to 
make the best decision to forward the data so a network manager is typically polled for 
the proper action to be taken. 
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16. As per claim 4, Suuronen discloses the device of claim 3, but does not disclose 
further comprising: 

A virtual private network gateway configured to establish a secure connection 
with the central management system. 

The examiner points to figure 3, wherein the gateway firewall is used to protect a 
LAN, which as is commonly known in the art to typically consist of an enterprise network 
in which virtual private networks are commonly established. One of ordinary skill in the 
art would see this as an obvious enhancement of Suuronen, due to its widespread and 
established use in the art. 

17. As per claim 6, Suuronen discloses the device of claim 5, but does not explicitly 
disclose wherein the anti-virus logic is further configured to identify unsolicited 
messages ([0012] last sentence). 

The Examiner takes official notice that is well known and common in the art for 
firewalls to protect networks from unsolicited messages. Firewalls typically serve as a 
gateway for a private network where it is highly desired to prevent messages from 
entering the network that are not initiated by a device behind the firewall. Motivation as 
would be well known to one of ordinary skill in the art would be to protect the network 
from unsolicited messages that may flood the private network. 

1 8. As per claim 7, Suuronen discloses the device of claim 1 , further comprising: 
a processing device executing the user application, the user application being 

associated with at least one of video-on-demand, video-based training, on-line gaming, 
on-line shopping, downloading music files and downloading games ([0019] lines 19-22 
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wherein this embodiment is possible when the firewall is located at the destination 
computer as is commonly performed in the art as would be known to one of ordinary 
skill). 

19. Claim 1 1 is rejected because it discloses similar subject matter to claim 3. 

20. Claim 12 is rejected because it discloses similar subject matter to claim 4. 

21. As per claim 13, Suuronen disclose the method of claim 11, but does not 
disclose further comprising: 

receiving, from the external device, information indicating whether the first data is 
to be forwarded to the user device; and dropping the first data when the information 
indicates that the first data is not to be forwarded. 

The Examiner points to the rejection of claim 3, wherein as is commonly 
practiced in the art as would be well known of ordinary skill, the network manager 
necessarily communicates the decision to the forwarding device whether or not to 
forward the data. This is a very well understood feature commonly used in the art. 

22. As per claim 15, Suuronen discloses the method according to claim 10, but does 
not explicitly disclose wherein the identifying comprises identifying spam. The Examiner 
notes however, in view of the rejection to claim 6, that spam may apply to unsolicited 
messages as would be understood to one of ordinary skill in the art. 

23. Claim 18 is rejected because it discloses similar subject matter to claim 3. 

24. Claim 19 is rejected because it discloses similar subject matter to claim 4. 

25. Claim 21 is rejected because it discloses similar subject matter to claim 15. 

26. Claim 22 is rejected because it discloses similar subject matter to claim 7. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Bludau whose telephone number is 571- 
272-3722. The examiner can normally be reached on Monday -Friday 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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Examiner 

Art Unit 2132 
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